HI wavetyler,

Do you happen to know what version of NPE your brother ran? Can you find out?

The "winlogon.exe" should not have been checked by default for remediation though it might have been listed in the bottom section of the NPE results window.

For any file which represents a windows file if you check the "fix" box a warning message should pop up which includes the following.

I have asked Symantec to make the wording of this warning message much stronger for these types of files and to remove the "Dont show this message again" checkbox. There should not (for obvious reasons) be a checkbox for something this critical.

Thanks very much and I'm happy that you were able to get the computer working again.

Best wishes.

Allen

There should be a way to "undo" any NPE fixes using the NBRT.

An infected system that boots is better than an infected system that can't boot.

---

DaveH wrote:

There should be a way to "undo" any NPE fixes using the NBRT.

An infected system that boots is better than an infected system that can't boot.

---

Hi Dave,

Exactly my point. And I do want to see some stronger wording for these types of files.

Best wishes.

Allen

What bothers me is that the NPE has access to the internet.  It should be able to properly identify infected files. In this particular situation, I have no doubt that the file was correctly identified as malicious, but the warning should have read that "This file is malicious, but removal may damage the operating system.  Manual removal is recommended"

Also, since the NPE has access to the net, why not make it able to access a data base of system files available for copying and replacing infected system files.  In this instance, simply replacing winlogon.exe and what I suspect was also iexplore.exe, wouldn't solve the problem but we don't know what all was fixed successfully.

When I tried the NBRT it seemed to me that they went to extra lengths to remove any of the WinPE functions not necessary to strictly run the recovery tool. Maybe I'm mistaken but I don't even remember a command line?

A basic explorer interface to be able to replace a file or copy and paste important data to another drive would be very helpfull.

If a person needs to use a bootable tool, it may be because there system doesn't boot.   Since the person using the tool owns a current symantec product, why not give that person basic tools to recover important data and possibly fix the system.

It should go a lot farther than just scanning for viruses IMO.

I have already submitted certain suggestions to Symantec.

Dave, why don't you submit some ideas to the Norton Ideas Forum?

Allen

How hard would it be to make the connections in one of these tools to tie into the chckdsk /f function of Windows, or sfc /scannow to locate replacement files. I am not a programmer so I may be way out in left field, but it seems to me that with todays rootkit infections a simple deletion of malware is seriously behind the times as well as dangerous.

---

AllenM wrote:

I have already submitted certain suggestions to Symantec.

 

Dave, why don't you submit some ideas to the Norton Ideas Forum?

 

Allen

---

To tell you the truth, I been meaning to for quite a while but I never seem to get around to it.

I had some great ideas for Ghost 16, if they could be easily implemented it would make it a much better product IMO.

BTW- There is a command line in the NBRT. It's the only other tool in the program.

But sadly, not many people are familiar with using the command line. (These kids today)